On 08/22/16 08:17, Claudio Jeker wrote:
On Sun, Aug 21, 2016 at 02:25:15PM -0400, Ted Unangst wrote:
> Andreas Bartelt wrote:
> > Since the use of TLS session tickets potentially interferes with forward
> > secrecy on a per-session basis, I'd personally prefer an opt-in in
> > libtls as well as in httpd with regard to its usage.
Andreas Bartelt wrote:
> Since the use of TLS session tickets potentially interferes with forward
> secrecy on a per-session basis, I'd personally prefer an opt-in in
> libtls as well as in httpd with regard to its usage. However, such a
> semantic change would not be transparent. Any opinions
Hello,
LibreSSL enables the use of the TLS session ticket extension [RFC 5077,
or, according to comments in the source code, its older version 4507] by
default, and libtls currently doesn't provide an API call for disabling
this feature.
Consequently, OpenBSD's httpd has TLS session tickets